From: Alex Shi
To: Marc Zyngier, Will Deacon, Ard Biesheuvel, Catalin Marinas, stable@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: Alex Shi
Subject: [PATCH 27/45] arm64: entry: Apply BP hardening for suspicious interrupts from EL0
Date: Thu, 1 Mar 2018 20:54:04 +0800
Message-Id: <1519908862-11425-28-git-send-email-alex.shi@linaro.org>
In-Reply-To: <1519908862-11425-1-git-send-email-alex.shi@linaro.org>
References: <1519908862-11425-1-git-send-email-alex.shi@linaro.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Will Deacon

commit 30d88c0e3ace upstream.

It is possible to take an IRQ from EL0 following a branch to a kernel
address in such a way that the IRQ is prioritised over the instruction
abort. Whilst an attacker would need to get the stars to align here,
it might be sufficient with enough calibration so perform BP hardening
in the rare case that we see a kernel address in the ELR when handling
an IRQ from EL0.

Reported-by: Dan Hettena
Reviewed-by: Marc Zyngier
Signed-off-by: Will Deacon
Signed-off-by: Catalin Marinas
Signed-off-by: Alex Shi

--- arch/arm64/kernel/entry.S | 5 +++++ arch/arm64/mm/fault.c | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index d50c2fe..e26a114 100644
--- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -646,6 +646,11 @@ el0_irq_naked: #endif ct_user_exit +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + tbz x22, #55, 1f + bl do_el0_irq_bp_hardening +1: +#endif irq_handler #ifdef CONFIG_TRACE_IRQFLAGS diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 6120a14..ad49ae8 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -590,6 +590,12 @@ asmlinkage void __exception do_mem_abort(unsigned long addr, unsigned int esr, arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_irq_bp_hardening(void) +{ + /* PC has already been checked in entry.S */ + arm64_apply_bp_hardening(); +} + asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, unsigned int esr, struct pt_regs *regs) -- 2.7.4
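
Review bot: in the el0_irq_naked hunk of entry.S, `tbz x22, #55, 1f` carries no comment, so the reader has to know that x22 is expected to hold the ELR and that bit 55 is what marks a kernel address. A one-line comment above the test (for example "skip hardening unless the ELR points at a kernel address") would put the condition from the commit message at the use site. Because this is a stable backport, it is also worth confirming that x22 is still live with that value after ct_user_exit in this tree, since nothing in the hunk shows where it is loaded.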
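
Review bot: in the fault.c hunk, do_el0_irq_bp_hardening() applies the hardening unconditionally and leans on the comment "PC has already been checked in entry.S", so its correctness depends on every caller doing the bit 55 test first. Name that check in the comment (the `tbz x22, #55` in el0_irq_naked) so the two sites are kept in step. The definition also sits outside the CONFIG_HARDEN_BRANCH_PREDICTOR guard that wraps its only visible caller; that matches do_el0_ia_bp_hardening() just below, but it means a build with the option disabled depends on arm64_apply_bp_hardening() being available there, which is worth checking against the earlier patches in this 45-patch series.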